5 essential capabilities you need to tackle cyber threats

Upload: solarwinds

Post on 09-Jan-2017

TRANSCRIPT

Page 1: 5 Essential Capabilities You Need to Tackle Cyber Threats

FIVE ESSENTIAL CAPABILITIES REQUIRED TO TACKLE IT SECURITY THREATS

LOG & EVENT MANAGER

Narendran Vaideeswaran, Product Marketing Manager

Page 2

STATE OF SECURITY: SECURITY INCIDENTS

© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.

206 days: average time it takes an organization to detect a security breach.

60% of attackers are able to compromise an organization’s data within minutes.

79,790 security incidents in a year; 218 incidents per day; 10 per hour.

55% of the security incidents were from privileged account abuse.

1,121% increase in the number of security incidents in 2014, compared to 2006.

Source: 2015 Data Breach Investigations Report, 2015 Cost of Data Breach Study

Page 3

WHAT DO YOU NEED TO IMPROVE IT SECURITY? THESE FIVE ESSENTIAL CAPABILITIES

1. Centralized continuous monitoring.
2. Real-time security incident awareness.
3. Detection and response.
4. Threat analytics.
5. Compliance management.

Page 4

LOG & EVENT MANAGER: SIEM FOR IMPROVED IT SECURITY

SolarWinds® Log & Event Manager is an affordable, easy-to-use SIEM solution that helps you detect and respond to security threats and demonstrate compliance.

[Diagram: Log & Event Manager collects from Network, System, Application and Database sources and provides Centralized log collection, Threat intelligence, Real-time event correlations, In-depth threat analysis, and Compliance rules and reports.]

Page 5

#1 CENTRALIZED CONTINUOUS MONITORING: SCATTERED LOGS DON’T HAVE A PLACE IN IT SECURITY

» Log & Event Manager helps you with continuous monitoring and centralized log collection, covering:
  » Network activity (suspicious network traffic, firewall config change activities, blocked Web traffic, etc.).
  » User activity, incl. privileged accounts (user logons, user additions to admin groups, failed logons, etc.).
  » Server activity (unauthorized configuration changes).
  » Endpoint device activity (workstation logon, USB defender).
  » File Integrity Monitoring (file and registry change activity).
  » Database activity (SQL Server® audits).

Page 6

#2 REAL-TIME SECURITY INCIDENT AWARENESS: DON’T LET SECURITY INCIDENT BLINDNESS JEOPARDIZE YOUR BUSINESS

» View events in real time:
  » Events are listed by both detection time and insertion time.
  » Easily find specific event types by filtering (logon events, account changes, network traffic, etc.).
  » Log normalization provides more detailed information on a specific event.
  » Understand trends with graphical data representations (events per minute, threat events by device type, events by connector name, etc.).

Page 7

#3 DETECTION AND RESPONSE: DON’T LET ANOMALOUS BEHAVIOR GO UNDETECTED

» Choose from hundreds of built-in correlation rules, customize them, or create your own:
  » Quickly search for rules (logon, user, database, etc.).
  » Define correlations (Web traffic audit, user logon failure, USB, etc.).
  » Create event thresholds (for example, unauthorized file copy attempts within a specific interval).
  » Define actions (detach USB device, block IP address, incident alert, kill processes, log off user, etc.).
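The two mechanics these slides lean on, log normalization (#2) and threshold-based correlation rules tied to actions (#3), are small enough to show end to end. The following is an added illustration written for this transcript, not SolarWinds code and not how Log & Event Manager is implemented internally: it parses a handful of constructed Windows-style logon lines into normalized events, then runs a sliding-window rule ("five logon failures for the same user within one minute") that emits a named action when the threshold is crossed. The log format, field names, event-ID mapping and rule parameters are all assumptions chosen for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not real data). Two hosts, three users:
# jsmith produces a burst of failures, bob two failures far apart, alice one success.
SAMPLE_LOGS = [
    "2015-06-01T10:00:01Z host=srv01 EventID=4625 user=jsmith src=10.0.0.5 status=failure",
    "2015-06-01T10:00:04Z host=srv01 EventID=4625 user=jsmith src=10.0.0.5 status=failure",
    "2015-06-01T10:00:07Z host=srv01 EventID=4625 user=jsmith src=10.0.0.5 status=failure",
    "2015-06-01T10:00:09Z host=srv01 EventID=4625 user=jsmith src=10.0.0.5 status=failure",
    "2015-06-01T10:00:11Z host=srv01 EventID=4625 user=jsmith src=10.0.0.5 status=failure",
    "2015-06-01T10:00:20Z host=srv02 EventID=4624 user=alice src=10.0.0.9 status=success",
    "2015-06-01T10:15:00Z host=srv01 EventID=4625 user=bob src=10.0.0.7 status=failure",
    "2015-06-01T10:30:00Z host=srv01 EventID=4625 user=bob src=10.0.0.7 status=failure",
]

# Assumed key=value line layout for the constructed logs above.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) EventID=(?P<event_id>\d+) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) status=(?P<status>\S+)$"
)


def normalize(line):
    """Parse one raw line into a normalized event dict; return None for lines that don't parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    ev["event_id"] = int(ev["event_id"])
    # Map the vendor-specific ID onto a normalized event type so rules don't depend on the source.
    ev["type"] = {4624: "logon_success", 4625: "logon_failure"}.get(ev["event_id"], "other")
    return ev


class ThresholdRule:
    """Fire when `count` events of `event_type` share the same `key` value within `window`."""

    def __init__(self, name, event_type, key, count, window, action):
        self.name = name
        self.event_type = event_type
        self.key = key
        self.count = count
        self.window = window
        self.action = action
        self._buckets = defaultdict(deque)  # key value -> timestamps still inside the window

    def feed(self, ev):
        """Feed one normalized event; return an alert dict if the threshold is crossed."""
        if ev["type"] != self.event_type:
            return None
        k = ev[self.key]
        q = self._buckets[k]
        q.append(ev["ts"])
        # Drop timestamps that have fallen out of the sliding window.
        while q and ev["ts"] - q[0] > self.window:
            q.popleft()
        if len(q) >= self.count:
            q.clear()  # reset so one burst yields one alert rather than one per extra event
            return {"rule": self.name, "key": k, "host": ev["host"],
                    "action": self.action, "at": ev["ts"]}
        return None


def default_rules():
    # Fresh rule objects each call: rules carry sliding-window state.
    return [ThresholdRule("brute_force_logon", "logon_failure", "user",
                          count=5, window=timedelta(minutes=1), action="incident_alert")]


def run_rules(lines, rules):
    """Normalize each line and pass it through every rule; collect the alerts produced."""
    alerts = []
    for line in lines:
        ev = normalize(line)
        if ev is None:
            continue  # unparseable line: skipped here, worth counting in real deployments
        for rule in rules:
            alert = rule.feed(ev)
            if alert:
                alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for alert in run_rules(SAMPLE_LOGS, default_rules()):
        print(alert)
```

Running it produces exactly one alert, for jsmith on srv01: five failures land inside ten seconds, while bob's two failures are fifteen minutes apart and age out of the one-minute window. The action field is only a label here; in a SIEM it is where the "block IP address" or "log off user" response would be wired in, and the window reset after firing is the knob that keeps a single burst from generating a flood of identical alerts.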

Page 8

#4 THREAT ANALYTICS: KNOW WHERE TO START AND DRILL DOWN TO THE SPECIFICS

» Intuitive and in-depth log analysis for forensics and reporting:
  » Bar graphs to identify event spikes (why 400+ events at this specific time?).
  » Drill down to the specific system or node that’s generating suspicious events.
  » Root cause analysis to understand and troubleshoot network, systems, application, and database issues.
  » Focus on the trouble area with the help of granular event categories (processes, IP addresses, user names, etc.).

Page 9

#5 COMPLIANCE MANAGEMENT: MEETING INDUSTRY-STANDARD REGULATIONS SHOULDN’T BE CUMBERSOME

» Demonstrate compliance, and meet audit requirements:
  » File Integrity Monitoring with built-in rules can audit file/registry activity to meet PCI DSS, SOX, and HIPAA compliance requirements.
  » Out-of-the-box compliance reports for federal, retail, financial, education, and healthcare industry regulations.
  » Schedule compliance reports to run automatically, and export them to formats such as PDF, TXT, HTML, etc.

Page 10

RESOURCES: MORE ON LOG & EVENT MANAGER

“There really isn’t any other software out there that covers the wide berth of logging & event management collections. Log & Event Manager contains the most features and best support options that other providers simply can’t match.” - Shane Gibeault, Network Engineer, eHealth Technologies.

Log & Event Manager

For questions, please contact sales at 866.530.8100, or email us at [email protected]

Case studies

Cibola General Hospital Uses Log & Event Manager to Keep Malware at Bay

A Medium Enterprise Insurance Company Saves Over $500,000 a Year with Log & Event Manager

Log & Event Manager Guided Tour

How to Troubleshoot Network Issues